utilicomm-uc-securityAs organizations look to take advantage of the flexibility, scalability, manageability and financial benefits of unified communications (UC), they cannot overlook security concerns. By exposing data, voice and mobile applications to the public Internet, IP-based communication platforms present some unique risks.

Session border controllers (SBCs) are key security and control tools In a UC environment, but they have typically been implemented almost exclusively by carriers on their side of the connection. As the threat landscape evolves, however, many organizations are employing their own SBCs rather than depending entirely upon service providers to secure the network edge.

SBCs on the customer side are known as enterprise SBCs (eSBCs), and they are increasingly being packaged as part of UC solutions. According to the technology market research firm Infonetics, eSBC revenues grew from just over $60 million in 2013 to $271 million in 2015, with the market expected to reach $422 million by 2018.

One reason security is a bit tricky with UC is that conventional IP networking components such as routers and firewalls are not designed to manage real-time communications and can cause latency problems for time-sensitive voice and video traffic. Interoperability issues at the network edge can create additional performance problems.

An eSBC addresses all of these issues. Deployed as either dedicated hardware, software or virtualized network functions, eSBCs help secure the network edge, regulate traffic in and out of the network, and normalize signaling and media used in real-time communications.

The best eSBCs are designed specifically for a business environment and aren’t just repackaged versions of carrier-grade products. They are built to be affordable, scalable, manageable and easy to install. Many of the design characteristics are focused on securing voice communications through Session Initiation Protocol (SIP) trunks.

SIP is the standard signaling protocol used to establish voice and video connections in UC solutions, and an SIP trunk connects the IP-PBX to the traditional Public Switched Telephone Network (PSTN) over an Internet connection. The eSBC serves as a kind of traffic cop between the UC infrastructure, the Internet and the SIP trunk. It terminates and re-originates each communications session, processing traffic in real time to identify incoming threats. It also offers deep packet inspection, policy enforcement and other security functionality, providing more control than an application-layer firewall.

Another key function of an eSBC is to act as a translator at the network edge. Since SIP was introduced in 1999, there has been constant development of new extensions to add features on top of the basic protocol. As a result, SIP providers typically have their own customized flavor of the protocol. An eSBC imposes protocol normalization to enable communication from multiple carriers.

An eSBC also must translate a wide range of the codecs that convert audio signals into compressed digital form. Early VoIP solutions used fairly standard sets of codecs, but carriers and service providers have since developed dozens of new codecs — some of which may not be supported at both ends of a communications session. With support for most codecs, eSBCs can normalize communications without any data loss or latency.

The growth of mobile and unified communications platforms enable new levels of collaboration and productivity, but technology conflicts can occur along the boundaries between wired, wireless and cellular networks. An eSBC can ease those conflicts by connecting disparate networks, mitigating security threats and ensuring reliable communications.

View Comments

Comments are closed.